AI Security Threat Feed

Latest CVEs and GitHub advisories affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog. CVSS is the base score; EPSS is the FIRST estimate of the probability that the vulnerability is exploited in the wild within the next 30 days; a KEV entry means CISA has evidence of active exploitation.

AI/ML CVEs Tracked: 1,625
Critical: 230
New This Week: 87
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1625 results
Severity  ID                   Summary                                                      CVSS  EPSS  Package                     Date
HIGH      CVE-2026-6542        Langflow: IDOR exposes cross-tenant flow data and deletion   8.1   0.0%  langflow                    Apr 30
MEDIUM    CVE-2026-3345        Langflow: path traversal allows arbitrary file read          6.5   0.1%  langflow                    Apr 30
HIGH      CVE-2026-4503        Langflow Desktop: IDOR leaks user images unauthenticated     7.5   0.1%  langflow                    Apr 30
MEDIUM    CVE-2026-4502        Langflow: path traversal enables arbitrary file write        6.5   0.1%  langflow                    Apr 30
MEDIUM    CVE-2026-3346        Langflow Desktop: stored XSS enables credential theft        6.4   0.0%  langflow                    Apr 30
MEDIUM    CVE-2026-3340        IBM Langflow: SSRF enables internal network enumeration      6.5   0.0%  langflow                    Apr 30
HIGH      CVE-2026-42449       n8n-mcp: SSRF bypass via IPv6 leaks API keys                 8.5   0.0%  n8n-mcp                     Apr 30
HIGH      CVE-2026-40171       Jupyter Notebook: stored XSS enables full account takeover   -     0.1%  @jupyterlab/help-extension  Apr 30
UNKNOWN   CVE-2026-41686       @anthropic-ai/sdk: insecure file perms expose agent memory   -     0.0%  @anthropic-ai/sdk           Apr 29
HIGH E    CVE-2026-41680       marked: infinite recursion DoS crashes Node.js via OOM       7.5   0.1%  marked                      Apr 29
MEDIUM    GHSA-gfg9-5357-hv4c  openclaw: path traversal exposes host files via audio embed  -     -     openclaw                    Apr 29
MEDIUM    GHSA-c28g-vh7m-fm7v  openclaw: auth bypass in owner command enforcement           -     -     openclaw                    Apr 29
UNKNOWN   CVE-2026-42232       n8n: XML Node prototype pollution → RCE                      -     0.1%  n8n                         Apr 29
UNKNOWN   CVE-2026-42231       n8n: prototype pollution → RCE via Git node SSH              -     0.3%  n8n                         Apr 29
UNKNOWN   CVE-2026-42235       n8n: stored XSS via MCP OAuth steals agent sessions          -     0.1%  n8n                         Apr 29
UNKNOWN   CVE-2026-42226       n8n: IDOR exposes cross-user API key exfiltration            -     0.1%  n8n                         Apr 29
UNKNOWN   CVE-2026-42234       n8n: Python sandbox escape enables container RCE             -     0.1%  n8n                         Apr 29
UNKNOWN   CVE-2026-42227       n8n: IDOR leaks cross-project variables via API key          -     0.0%  n8n                         Apr 29
UNKNOWN   CVE-2026-42236       n8n: unauthenticated MCP endpoint causes memory DoS          -     0.1%  n8n                         Apr 29
UNKNOWN   CVE-2026-42228       n8n: WebSocket auth bypass hijacks AI agent workflows        -     0.1%  n8n                         Apr 29

- : no value shown in the feed for that field.
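Several rows above carry no CVSS score or an UNKNOWN severity, and the feed does not say how it orders entries. The following Python triage helper is an added example, not code from the feed or from any of the listed projects: it parses rows in the feed's column order (Severity, ID, Summary, CVSS, EPSS, Package, Date), keeps a missing CVSS or EPSS as unknown rather than zero, ranks KEV entries first, then entries whose EPSS is at or above a threshold, then by CVSS, and lists separately any row that has neither a score nor a usable severity label. The ranking policy, the 10% EPSS threshold, the tab-separated input format, the severity-to-score fallbacks and the KEV set passed in the usage are assumptions for illustration.

```python
# Added example, not part of the threat feed page or any listed project.
# Ranking policy, EPSS threshold and fallbacks are assumptions for illustration.
from dataclasses import dataclass
from typing import Optional

# EPSS at or above this probability is treated as "exploitation likely"
# (assumed cut-off; tune to your own risk appetite).
HIGH_EPSS = 0.10

# Fallback CVSS used only when a row carries a severity label but no score
# (assumed mapping, not the feed's).
SEVERITY_FALLBACK = {"CRITICAL": 9.0, "HIGH": 7.0, "MEDIUM": 5.0, "LOW": 2.0}


@dataclass
class Advisory:
    severity: str            # CRITICAL / HIGH / MEDIUM / LOW / UNKNOWN
    vuln_id: str             # CVE or GHSA identifier
    summary: str
    cvss: Optional[float]    # None when the row shows no score
    epss: Optional[float]    # probability in 0..1, None when absent
    package: str
    in_kev: bool = False


def parse_float(text: str) -> Optional[float]:
    """'8.1' -> 8.1; '' or '-' -> None (missing is not zero)."""
    text = text.strip()
    return None if text in ("", "-") else float(text)


def parse_epss(text: str) -> Optional[float]:
    """'0.3%' -> 0.003; '' or '-' -> None."""
    text = text.strip()
    return None if text in ("", "-") else float(text.rstrip("%")) / 100.0


def parse_row(line: str, kev_ids=frozenset()) -> Advisory:
    """Parse one tab-separated row; kev_ids is the caller's CISA KEV id set."""
    sev, vid, summary, cvss, epss, pkg, _date = line.split("\t")
    return Advisory(sev.upper(), vid, summary, parse_float(cvss),
                    parse_epss(epss), pkg, in_kev=vid in kev_ids)


def effective_cvss(adv: Advisory) -> Optional[float]:
    """Real score if present, otherwise the label fallback, otherwise None."""
    if adv.cvss is not None:
        return adv.cvss
    return SEVERITY_FALLBACK.get(adv.severity)


def triage_key(adv: Advisory):
    """Larger tuple sorts first: KEV, then EPSS over threshold, then CVSS, then raw EPSS."""
    epss = adv.epss or 0.0
    cvss = effective_cvss(adv) or 0.0
    return (adv.in_kev, epss >= HIGH_EPSS, cvss, epss)


def rank(advisories):
    return sorted(advisories, key=triage_key, reverse=True)


def needs_manual_scoring(advisories):
    """Rows with no CVSS and no usable label: surface them instead of sinking them."""
    return [a for a in advisories if effective_cvss(a) is None]


# Constructed sample in the feed's column order; values copied from the rows
# above, with empty fields where the feed shows none.
SAMPLE_ROWS = [
    "HIGH\tCVE-2026-42449\tn8n-mcp: SSRF bypass via IPv6 leaks API keys\t8.5\t0.0%\tn8n-mcp\tApr 30",
    "MEDIUM\tCVE-2026-3345\tLangflow: path traversal allows arbitrary file read\t6.5\t0.1%\tlangflow\tApr 30",
    "UNKNOWN\tCVE-2026-42232\tn8n: XML Node prototype pollution -> RCE\t\t0.1%\tn8n\tApr 29",
    "MEDIUM\tGHSA-gfg9-5357-hv4c\topenclaw: path traversal exposes host files via audio embed\t\t\topenclaw\tApr 29",
]


def triage(rows=SAMPLE_ROWS, kev_ids=frozenset()):
    """Return (ranked ids, ids that need manual scoring)."""
    advs = [parse_row(r, kev_ids) for r in rows]
    return ([a.vuln_id for a in rank(advs)],
            [a.vuln_id for a in needs_manual_scoring(advs)])


if __name__ == "__main__":
    ranked, unscored = triage()
    print("ranked:", ranked)
    print("needs manual scoring:", unscored)
    # Hypothetical KEV membership, only to show the effect on ordering.
    print("with KEV hit:", triage(kev_ids=frozenset({"CVE-2026-3345"}))[0])
```

With the sample input the n8n row with UNKNOWN severity and no CVSS drops to the bottom of the ranking and appears in the manual-scoring list; without that second list an unscored RCE would be indistinguishable from a genuinely low-risk entry.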
